Multi-level security (MLS) systems are known as systems capable of preventing secrets from leaking, while allowing contents having a plurality of security levels to be edited and referred to.
For instance, Patent Document 1 describes an access right management control system for a file system that utilizes an MLS system. Specifically, Patent Document 1 shows an access control system that handles two or more security levels by means of “access right numbers”. In this system, only users can be subjects, and the objects are files on a database table or on a file system. Access right numbers are assigned in advance to both the objects and the subjects. When a user tries to access a file in the system, the access is authorized when the user's access right number is less than the access right number of the file, and rejected when the user's access right number is not less than the access right number of the file.
Patent Document 2 describes a method of securely transferring data and a security level change selection mechanism as a method utilizing an MLS system. More specifically, Patent Document 2 describes an MLS-based copy & paste control system that can be used in an X window system where each window has a security level. In such a system, copy & paste from a window of the unclassified level to a window of the secret level is authorized, whereas copy & paste in the opposite direction is either not authorized or causes the destination window to be raised to the secret level for the paste. Patent Document 2 also shows an implementation scheme in which all inter-window communications for copy & paste are relayed by a given “selection manager”, using a uniformly expanded X server, so that paste control operations are collectively managed according to security levels.
Patent Document 3 describes an information processing apparatus that utilizes an MLS system. The information processing apparatus supports MLS with two-dimensional security levels by means of an operating system (OS). The two-dimensional security levels are expressed as a combination (l, n) of an access right level l and an access right range n. The access right level l is a value that can be compared for magnitude, and the access right range n is a character string for which only an equality relationship is defined. A security level is defined in the form of a combination (l, n) for each process and each file. For instance, assume that a process of security level (Pl, Pn) tries to access a file of security level (Fl, Fn). Then, the information processing apparatus authorizes the access of the process to the file only when the relationships “Pl≧Fl” and “Pn=Fn” both hold true.
Of the two components of the above-described security levels, the access right level typically takes a value that indicates “secret” or “unclassified”. The access right range, on the other hand, may be interpreted as a category of information having particular properties. The information processing apparatus described in Patent Document 3 employs two-dimensional security levels by combining an access right level and an access right range. With this arrangement, when the two information categories of “personal information” and “technological information” are handled as access right ranges for security levels, confidential information in each of these categories can be managed as independent confidential information. For example, a process that can access files belonging to the information category of “personal information”, in terms of the access right range of its security level, cannot access any file belonging to the information category of “technological information”.
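The access decision described above for Patent Document 3 (level comparison plus exact match of the access right range) can be sketched as follows. This is an added illustration, not code from any of the cited patent documents; the class, function, process and file names are hypothetical, and the sample subjects and objects are constructed.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Access right level: ordered, so two levels can be compared for magnitude."""
    UNCLASSIFIED = 0
    SECRET = 1


@dataclass(frozen=True)
class SecurityLevel:
    level: Level        # access right level
    access_range: str   # access right range: only equality is defined


def may_access(process: SecurityLevel, file: SecurityLevel) -> bool:
    """Authorize only when the process level is at least the file level
    AND the two access right ranges are the same string."""
    return process.level >= file.level and process.access_range == file.access_range


def access_matrix(processes, files):
    """Map each process name to the sorted list of file names it may access."""
    return {
        pname: sorted(fname for fname, f in files.items() if may_access(p, f))
        for pname, p in processes.items()
    }


# Constructed sample subjects and objects (hypothetical names).
PROCESSES = {
    "hr_admin": SecurityLevel(Level.SECRET, "personal information"),
    "hr_clerk": SecurityLevel(Level.UNCLASSIFIED, "personal information"),
    "engineer": SecurityLevel(Level.SECRET, "technological information"),
}
FILES = {
    "salaries.db": SecurityLevel(Level.SECRET, "personal information"),
    "phonebook.txt": SecurityLevel(Level.UNCLASSIFIED, "personal information"),
    "design.cad": SecurityLevel(Level.SECRET, "technological information"),
    "datasheet.pdf": SecurityLevel(Level.UNCLASSIFIED, "technological information"),
}

if __name__ == "__main__":
    for name, allowed in access_matrix(PROCESSES, FILES).items():
        print(f"{name}: {allowed}")
```

In this sample, a secret-level process in one category is refused even an unclassified file in the other category, which is the independence between information categories described above.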
Patent Document 1: JP 5-181734-A (Paragraphs 0028-0030, FIG. 8)
Patent Document 2: JP 8-255132-A (Paragraphs 0020-0024, FIGS. 1, 4)
Patent Document 3: JP 2001-350663-A (Paragraphs 0039-0047, FIGS. 1, 7)